Privacy Policy
Last updated: March 2026
1. Introduction
Sucana (“we,” “our,” or “us”) operates the Sucana platform at sucana.ai. This Privacy Policy describes how we collect, use, store, and share your information when you use our services.
By using Sucana, you agree to the collection and use of information as described in this policy. Please also review our Terms of Service.
2. Information We Collect
2.1 Account Information
When you create an account, we collect:
- Your name and email address
- Company name
- Password (stored hashed, never in plaintext)
2.2 Ad Platform Data via OAuth
When you connect your advertising accounts, we access the following data through secure OAuth connections:
Google Ads
- Campaign, ad group, and ad performance data (impressions, clicks, spend, conversions, cost-per-result)
- Account structure and settings
- Historical performance metrics
Google OAuth scope used: https://www.googleapis.com/auth/adwords.readonly (read-only access to Google Ads data)
Meta Ads (Facebook/Instagram)
- Campaign, ad set, and ad performance data
- Account structure and creative assets metadata
- Historical performance metrics
Go High Level
- Contact and lead data as authorized by your account
- Campaign and workflow performance data
2.3 Usage Data
We collect information about how you interact with the Sucana platform:
- Features accessed and actions taken within the dashboard
- AI chat queries and interactions
- Session duration and frequency of use
2.4 Technical Data
We automatically collect:
- IP address
- Browser type and version
- Device type and operating system
- Referring URLs
3. How We Use Your Information
We use the information we collect to:
- Provide our core service: Display unified analytics dashboards, generate performance reports, and power AI-driven campaign insights
- Sync and process data: Import and normalize advertising data from connected platforms for analysis
- Improve our service: Analyze aggregated, anonymized usage patterns to improve Sucana's features and user experience
- Communicate with you: Send service-related notifications, respond to support requests, and provide product updates
We do not use your Google Ads data, Meta Ads data, or any connected platform data for advertising, retargeting, or any purpose other than providing you the Sucana analytics features visible in the application.
4. Google API Services User Data Policy Compliance
Sucana's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
Specifically, Sucana:
- Only uses Google data for user-facing features that are prominent and visible in the Sucana application interface (analytics dashboards, AI chat insights, performance reports)
- Does not transfer Google user data to third parties except: as necessary to provide or improve user-facing features (e.g., to our infrastructure providers listed in Section 5), with your explicit consent, for security purposes, or to comply with applicable law
- Does not use Google user data for advertising, including retargeting, personalized advertising, or interest-based advertising
- Does not use Google user data for credit assessment, lending, insurance underwriting, or any financial determination
- Does not transfer Google user data to data brokers or information resellers, or for any surveillance-related purposes
- Does not allow humans to read your Google user data unless: you have given affirmative consent to view specific data (e.g., during a support request), it is necessary for security investigation with documented justification, it is required by law, or the data is aggregated and anonymized so that it cannot identify any individual user
5. Information Sharing and Disclosure
We do not sell, trade, or rent your personal information to third parties.
We share data only with the following service providers who process data on our behalf under strict contractual obligations:
| Provider | Purpose | Data Accessed |
|---|---|---|
| Supabase | Database hosting and authentication | Account data, encrypted OAuth tokens, ad performance data |
| Vercel | Application hosting and deployment | Technical data (IP, browser) via server logs |
We may also disclose information:
- With your consent: When you explicitly authorize sharing
- For legal compliance: To comply with a law, regulation, legal process, or government request
- To protect rights and safety: To enforce our terms, protect our operations, or protect the rights, privacy, safety, or property of Sucana, our users, or others
6. Data Security
We implement the following security measures to protect your information:
- Encryption in transit: All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher
- Encryption at rest: All stored data, including OAuth tokens and ad platform credentials, is encrypted at rest
- Access controls: Database-level access restrictions prevent unauthorized querying of personal data. No Sucana personnel have direct access to personal data fields without documented justification
- Token security: OAuth access tokens are encrypted before storage and are never logged or exposed in application interfaces
- Audit logging: Access attempts to sensitive data are logged and monitored
7. Data Retention
- Active accounts: We retain your data for as long as your account is active and you maintain connected ad platform integrations
- Disconnected platforms: When you disconnect an ad platform, we revoke the OAuth tokens immediately and delete the associated platform data within 30 days
- Account deletion: When you request account deletion, we delete all your personal data and ad platform data within 30 days. Backups containing your data are purged within 90 days
- Legal obligations: We may retain certain data longer if required by law
To request data deletion, contact us at privacy@sucana.ai.
8. Your Rights and Controls
General Rights
You have the right to:
- Access your personal information held by Sucana
- Correct inaccurate or incomplete information
- Delete your account and associated data
- Disconnect any connected ad platform at any time through your Sucana dashboard
- Export your data in a portable format upon request
Google-Specific Controls
To manage Sucana's access to your Google Ads data:
- In Sucana: Go to Settings > Integrations > Google Ads > Disconnect
- In Google: Visit Google Account Permissions to revoke Sucana's access directly
- After revocation: All Google Ads data stored in Sucana is deleted within 30 days
For EU/EEA Residents (GDPR)
If you are located in the European Union or European Economic Area, you additionally have the right to:
- Object to processing of your personal data
- Restrict processing under certain circumstances
- Data portability: Receive your data in a structured, machine-readable format
- Lodge a complaint with your local data protection supervisory authority
For California Residents (CCPA)
If you are a California resident, you have the right to:
- Know what personal information we collect and how it is used
- Delete your personal information
- Opt out of sale: We do not sell your personal information. We never have and never will.
- Non-discrimination: We will not discriminate against you for exercising your privacy rights
9. Cookies and Tracking
Sucana uses the following cookies:
| Cookie Type | Purpose | Duration |
|---|---|---|
| Session cookies | Maintain your login session | Duration of browser session |
| Authentication cookies | Remember your authenticated state | Up to 30 days |
We do not use third-party advertising cookies, tracking pixels, or behavioral tracking technologies on the Sucana platform.
10. Children's Privacy
Sucana is not directed at children under the age of 13 (or 16 in the EEA). We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child, we will take steps to delete that information promptly. If you believe a child has provided us with personal information, please contact us at privacy@sucana.ai.
11. Data Breach Notification
In the event of a data breach that affects your personal information, we will:
- Notify affected users via email within 72 hours of confirming the breach
- Describe the nature of the breach and the types of data involved
- Outline the steps we are taking to address the breach and mitigate harm
- Provide guidance on steps you can take to protect yourself
- Notify relevant supervisory authorities as required by applicable law
12. International Data Transfers
Sucana processes and stores data in the United States. If you are accessing Sucana from outside the United States, your data will be transferred to and processed in the United States.
We ensure that any international data transfers comply with applicable data protection laws by implementing appropriate safeguards, including contractual obligations with our service providers.
13. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will:
- Update the “Last Updated” date at the top of this policy
- Notify you via email or through the Sucana platform
- Where required by law, obtain your consent before applying changes
Your continued use of Sucana after changes are posted constitutes your acceptance of the updated policy.
14. Contact Us
If you have questions about this Privacy Policy or our data practices, contact us at:
- Email: privacy@sucana.ai
- General Support: support@sucana.ai
- Legal/Data Requests: legal@sucana.com